Add a new MANAGE_IPSEC_TUNNELS permission and
protect all IPsec Tunnel mode APIs with it.
This permission is only granted to the system or
through an AppOp.
Bug: 66955045
Test: compilation
Change-Id: I0f618373b500c493ef2211bece681f74652a1833
Changed the existing hidden api setPackagesSuspendedAsUser to a system
api setPackagesSuspended that can be called by apps with either
MANAGE_USERS or SUSPEND_APPS permission. Additionally, the suspending
app can now specify optional extra information meant to be used by the
suspended apps and the launcher to deal with this state.
The following other APIs are added:
- isPackageSuspended(): Apps can query whether they are in a suspended
state
- @SystemApi getPackageSuspendedAppExtras(String): Apps with permission
SUSPEND_APPS can get the appExtras passed to PM when suspending the
app.
- @SystemApi setPackageSuspendedAppExtras(String, PersistableBundle):
Apps with permission SUSPEND_APPS can update app extras for a
suspended package.
- getPackageSuspendedAppExtras(): Apps can call to get the appExtras
passed in to PM when they were suspended.
Test: Can be run via:
atest com.android.server.pm.PackageManagerSettingsTests
atest com.android.server.pm.PackageUserStateTest
atest com.android.server.pm.SuspendPackagesTest
Bug: 74336673
Change-Id: I3b9ed2c8478b34ee2e8986f5f5fddb2839d102e3
It will be removed before the final P build.
Test: atest FrameworksServicesTests:AutofillManagerServiceTest CtsAutoFillServiceTestCases
Fixes: 74445943
Change-Id: I9bc243a3c1ae78f2c385dbb907d362d8ab16b34c
Bug: 73788969
Test: I501e8b76aacd785cb994165ab01dc1b39fea3a1c
Move them into ImageDecoder.DecodeException, which is where they are
actually used. This also provides some more context, so that the prefix
"ERROR_" is no longer necessary, fixing the redundancy/awkwardness in
ERROR_SOURCE_ERROR. Further rename that to SOURCE_MALFORMED_DATA, which
is more descriptive, and does not imply a Java Error.
Change-Id: Ied17ad343650f9c33d9a35b0f9d00ccc22264bd6
The other methods expose raw key materials, which is a security flaw. This
new API is already being used by GMSCore, via reflection (although falling
back to the old methods if it is not available). Would be good to switch it
on ASAP.
Bug: 74345822
Test: Tested with GMSCore
Change-Id: I30d53c9e825888d1122c72d23b7c1c10c6edb1e9
This is so we can add a GTS test to affirm that GMS devices include the
Google Cloud Key Vault root certificate.
Test: runtest frameworks-core -p android.security.keystore.recovery
Bug: 74621045
Change-Id: Ib6431f5739f3dff066832e6aa300dd9da5bc0727
The syntax of that setting changed from P Developer Preview1 to the final P, so
it's safer to use a new name than risk breaking devices during the update.
Bug: 74458004
Test: atest CtsAutoFillServiceTestCases:VirtualContainerActivityCompatModeTest\
FrameworksCoreTests:SettingsBackupTest
Change-Id: I1c507e8eae20f598dfe259178667ae6c2bc892ff
Add a new AppOp to allow bound system services
such as TelephonyDataServices and potentially
VPN providers to access the IPsec tunnel
management APIs. Since this is not directly
user-facing, and not all System apps should have
this privilege, the access is only granted via
an AppOp or to the system itself.
Bug: 66955045
Test: compilation (still WIP)
Change-Id: I0b0528c75c622d8538baeec019c3672cbed5d899
This patch:
- remove the RECORD_UNTIL_FULL_LARGE_BUFFER tracing option, because
this does not appear really useful in the production setting as
the buffer size limit exceeds the device memory and can grow
uncontrollably large.
- make RECORD_CONTINUOUSLY the default mode for tracing, to make
sure the least memory is used by default (typically 4x less than the
previous default RECORD_UNTIL_FULL).
- add some missing IntDef values (to make them match with the constants)
BUG: 63750258
Test: CTS
Change-Id: Ib3698273dee776ebc7a8388fc1bd8c80255e3b63
Bug: 73788969
Test: If9e27a6ce2604128a619bc4843d62711f94b4d87
Add a new Exception subclass that contains information about the type of
error, and the original Exception, if any. Remove the old
IncompleteException class. If the decode creates a partial image, pass
the information up to Java, where we create the new Exception and pass
it to the callback and/or throw it. Rewrite nDecodeBitmap to always take
the ImageDecoder as a parameter for this callback, and simply use a
boolean to determine whether to call onPostProcess
Check for exceptions in some overlooked cases in native code, and
route to the new type.
Remove FIXME to avoid parsing the whole image. In my limited testing,
it didn't seem to speed anything up, and this should be called in a
background thread anyway. Parsing now also ensures that we've read the
stream when we can have a chance to handle the exception from the right
place.
Remove fixme for b/70626068, which has been marked as WontFix.
Add a TestApi for testing an Exception thrown by an InputStream.
Remove onPartialImage from hiddenapi-light-greylist.txt to fix the build
error this change introduces. onPartialImage was erroneously added to
the list.
Change-Id: I12f69857328e63c993bd669412b06addeb6a74f1
When exposing the APIs, these were missed.
The outer structure is exposed, so this exposes
the addAddress and removeAddress methods.
Bug: 75234273
Test: compilation
Merged-In: I79911434f9baa660e4d8564cc59d80da4a710c42
Change-Id: I79911434f9baa660e4d8564cc59d80da4a710c42
(cherry picked from commit a83601a511)
The service is meant to replace the PendingIntent based API. Once all
users of the PendingIntent based API switched the PendingIntent based API
will be removed.
To have as little as possible impact on the whole SoundTrigger framework
the RemoteSoundTriggerDetectionService class implements the same
interface as the PendingIntent based class. Hence the exising code has
very little change. Further once the old code can be removed the amount
of changed (and added) code is limited.
The RemoteSoundTriggerDetectionService -> SoundTriggerDetectionService
is a vanilla as possible service implementation. The special behaviors
are:
- The system holds a wakelock while service operations are in progress
and the service is bound as foreground. Hence the service can e.g.
listen to the microphone.
- Service operations have a certain amount of time they are allowed to
run. Once every operation is either finished or the the operation
exceeded the allotted time, the system calls onStopOperation for each
still pending operation. This is a similar model as for the commonly
used JobService.
Please note that if the time allowed for an operation is 15s and
op1 was run as 0si, and op1 was run at 5s, the service is allowed to run
until 20s. Hence _both_ onStopOperations will happen at 20s. This is
done for ease of implementation but should not give the service more
power than calling onStopOperation exactly 15s after each operation is
triggered.
- If an operation is done before the allotted time is reached, the
service can declare the operation as finished manually by calling
onOperationFinished. This is a call back into the system, hence a
'client' binder is sent to the service. If the operation is finished
by calling this method onStopOperation will not be called.
- As the service instance might be killed and restored between
operations we add a opaque bundle 'params' to each operations. The users
of the API can use this to send data from the start command to the
operations. It can also just be set to null. The params are not meant to
store changing state in between operations. Such state needs to be
persisted using the regular methods (e.g. write it to disk)
- A service can be used for multiple recognition sessions. Each
recognition is uniquelity defined by its sound model UUID. Hence each
operation gets at least tree arguments: Operation ID, sound mode UUID, params
- As a small optimization the params are cached inside of the service
instance.
The time allowed for each operation is in a @SystemAPI global setting,
so the service can make sure it finishes the operations before they are
stopped. It might take some time to deliver the operations via the
binder, hence it is not recommended to try to use every last ms of
allotted time.
Test: atest SoundTriggerDetectionServiceTest (added in separate CL)
atest android.provider.SettingsBackupTest
Change-Id: I47f813b7a5138a6f24732197813a605d29f85a93
Fixes: 73829108
These APIs require a system permissions, hence SystemAPI.
As SoundTrigger is now partially SystemApi and partially internal API a
lot of @hide tags are needed to keep hiding the still internal classes,
fields and methods. As SoundTrigger is heavily used via reflection no
structural change to this class can be made.
The MANAGE_SOUND_TRIGGER permission should be visible to the apps as
the apps need to know which permission to request in their manifest.
If it wouldn't be exposed it would just be a magic string.
Test: built
Change-Id: Ic93d67639e2605c26c961acdd827c14cb0a68f47
Bug: 73829108, 71981721
We want to rename WebView.getLooper() to contrast it better with the
unrelated method WebView.getHandler(). For now we just create a method
to replace WebView.getLooper(), so that we can remove references to
WebView.getLooper() before removing it.
Bug: 74831609
Test: make
Change-Id: I8e493a67aa078f9c8ceea6706dc940abacfdd6e6
